Passions are so high over the National Security Agency’s record collection programs that congressional turmoil over that issue has done collateral damage to another subject this year: cybersecurity legislation.
President Barack Obama’s executive order on cybersecurity early this year took last year’s most difficult cybersecurity topic in Congress — private sector security standards for industry owners of the most important computer networks — off the table, clearing the way for action on other kinds of legislation aimed at defending the nation’s digital infrastructure.
In the spring, the House overwhelmingly approved legislation (HR 624) meant to improve cybersecurity threat information sharing between businesses and the federal government, despite concerns over how and whether the NSA would receive any private data of U.S. citizens that’s currently held in the hands of industry. But after the public’s negative response to this summer’s revelations by a fugitive intelligence contractor about all the information the NSA was already collecting about U.S. citizens, lawmakers and outside experts saw little political momentum for cybersecurity information-sharing legislation.
Obama administration officials and backers of cybersecurity threat information-sharing bills have tried to argue the issues are entirely unrelated.
“We cannot allow these separate debates to become conflated,” Army Gen. Martin E. Dempsey, chairman of the Joint Chiefs of Staff, said after Snowden’s revelations made headlines. Dempsey said one is about collecting intelligence to capture foreign terrorists and their domestic co-conspirators, while the other is about sharing information about malware to protect against different kind of attacks.
But the argument has had little effect so far. Compounding the problem is that the same House and Senate Intelligence committees that would steer cybersecurity information sharing legislation have had their hands full working on bills to adjust the NSA phone record and Internet data collection programs.